Latest InfoSec Threat Research & News

Latest News

What do I do if my Twitter account is hacked?

Jan 27, 2012 - Many Naked Security readers ask for assistance when their accounts are hacked, or when their (continue reading...)
Data Privacy Day 2012

Jan 27, 2012 - Lately, it seems that barely a day goes by when we don’t learn about a (continue reading...)
6 Trends for 2012: @McAfeeBusiness January #SecChat Recap

Jan 27, 2012 - With the McAfee Labs’ 2012 predictions report as a guide, we started off this month’s (continue reading...)
Here comes the Sun. There goes the Internet.

Jan 27, 2012 - Last year, the Egyptian government shut down the Internet for 5 days during the anti-government (continue reading...)
Exploring 2012 Data Privacy Threats: Part 2 of 3

Jan 27, 2012 - This is part two in a series of three on data privacy. Read Pat’s first (continue reading...)
#7 Nessus Versus Malware – Top Ten Things You Didn’t Know About Nessus

Jan 27, 2012 - Nessus has several different plugins and techniques for helping you with the fight against malware. (continue reading...)
Relative exposure to malware

Jan 27, 2012 - If you work at an antivirus company, be sure that family members will soon ask (continue reading...)
MIDI exploit in the wild

Jan 27, 2012 - Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' (continue reading...)
Android.Counterclank Found in Official Android Market

Jan 27, 2012 - Symantec has identified multiple publisher IDs on the Android Market that are being used to (continue reading...)
Facebook sues alleged clickjacking firm

Jan 27, 2012 - Facebook has filed a law suit a firm who, they say, bombarded users with clickjacking (continue reading...)

Featured

To validate or not, is that the question?

Jan 19, 2012 - Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment. The flaws in question were related to the server host and not the actual Web application. I actually had not manually validated every single finding in that regard. I paused to think about it and understood why he asked. The scope of the assessment stated we’d use automated tools (continue reading...)

Read full story

More Featured News

The critical Web-based systems that are going untested and unsecured

Jan 05, 2012 - I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is an area of security (continue reading...)
Securing FTP Running on Your Web Server

Dec 23, 2011 - I’ve had several questions from clients recently on how they can to secure FTP running on their web servers. The easy and short-sighted response would be “Are you nuts? You (continue reading...)
Good Web Security Tools and Why They Matter

Dec 14, 2011 - Like chemists, carpenters and doctors, those of us working in IT need good tools if we’re expected to do a good job. When dealing with application security, good security testing (continue reading...)
Why You Need Intruder Lockout

Dec 01, 2011 - It’s a very predictable web security flaw — in fact, it’s something I find in the majority of my web security assessments: the lack of intruder lockout on login pages. (continue reading...)

Browse our Featured collection

More News

Microsoft

Microsoft’s Kelihos botnet suspect used to work for computer security firm

Microsoft has alleged that a computer security firm's ex-employee is the mastermind behind the Kelihos botnet.

The Microsoft-Kelihos Tango Continues

Microsoft is going all out on hammering the last nail on Kelihos’s coffin. The (continue reading...)

Halo 4 Beta Invites? Nope.

There have been warnings over the last few days regarding a Halo 4 Beta invite scam. Information was pretty thin on the ground, however, so I decided to take a look – especially (continue reading...)

January 2012 Security Bulletin Webcast Q&A

Hello, Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded nine questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There (continue reading...)

January 2012 Patch Tuesday Security Briefing

Paul Henry, Security and Forensics Analyst for Lumension, discusses the impact of the January 2012 Patch Tuesday releases. (continue reading...)

January 2012 Security Bulletins Released

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified (continue reading...)

Symantec Security Response

MIDI exploit in the wild

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). Microsoft has already issued a patch against this vulnerability (continue reading...)

Android.Counterclank Found in Official Android Market

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to (continue reading...)

Insight into Sykipot Operations

The Sykipot campaign has been persistent in the past few months targeting various industries, the majority of which belong to the defense industry. Each campaign is marked with a unique identifier comprised of a (continue reading...)

Feb 14 Is Here Again!

Spam levels always rise when a holiday or special event approaches. Symantec researchers are observing a surge of spam as Valentine’s Day gets closer and closer. Unbelievable discounts on jewelry, dinners, and expensive gift articles (continue reading...)

Are You Ready For Some Football?

Contributor: Masaki Suenaga We certainly are! It is American football season and the Super Bowl is right around the corner. Apparently, so are the malware authors. It would not be the first time they took advantage (continue reading...)

iPad 3 Spam

Recently, I came across a scam email that is trying to take advantage of the hype surrounding the yet-to-be-released iPad 3. The release date of the iPad 3 is still unknown but spammers are already (continue reading...)

TrendMicro

Start 2012 Right: Resolve To Stay Safe Online [INFOGRAPHIC]

While it’s always important to take care of our physical bodies in order to enjoy long, fruitful lives with our families and loved ones, we also believe that we must exert as much effort in (continue reading...)

Spammers Target Facebook and Twitter at Once

Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabsSM received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging (continue reading...)

Months-Old Skype Vulnerability Exploited in the Wild

Cybercriminals have once again used a not-so-new but still a seemingly promising medium for their malware campaigns. Earlier today, ZDNet reported a “new” exploit that targets Skype users. This exploit (continue reading...)

Microsoft Help Center Zero-Day Exploits Loose

Heads-up for users still running Windows XP: The unpatched Help Center flaw revealed last week is now out in the wild and being used to launch malware attacks against target users. This new zero-day (continue reading...)

Passwords Matter—The Hidden Risks “Minor” Info Stealers Pose

Last week, we had two major mass compromises. The first one hit more than 100,000 websites, including major news sites like the Wall Street Journal and the Jerusalem Post. (continue reading...)

Spoofed Trend Micro Alert Leads to Canadian Pharma Site

With the underground economy still thriving, cybercriminals will surely use any method such as Canadian pharma spam runs to facilitate their information theft operations. Canadian pharmacy sites are known to be used by scammers to sell (continue reading...)